Hotspot honeypot by Blackhat Pakistan 2023

A Hotspot Honeypot is an illegitimate Wi-Fi access point that appears to be an authorized and secure hotspot. Despite the appearance, it is actually created by black-hat attackers or malicious hackers to steal your banking and credit details, passwords and other personal information.

Many of us fall victim to the Honeypot. It tricks wireless users into connecting their laptops or mobile phones to these fake hotspots by pretending to be legitimate. Once the victim is connected, the cyber attacker can launch a man-in-the-middle attack that allows them to record all of your internet activity in an attempt to steal your banking information using a fake website.

Hotspot Honeypot is one of the commjacking (cyber threats) methods that are now being used on a large scale. The main reason is that it can be easily set up by anyone with minimal hardware requirements.

How hackers use hotspot honeypot

There are two types of hackers: ethical (white-hat) hackers and unethical (black-hat) hackers. The former use their skills to find security breaches in their own companies and organizations such as government and police departments. The latter use their skills to steal personal information from other organizations and use it for their own benefit. This is often done using access points or man-in-the-middle attacks.

In this article, we’ll show how Hotspot Honeypot works by setting up a basic Wi-Fi Honeypot and forcing clients to connect to it instead of the network they want.

When a device is running, it periodically sends signals to the wireless access points it has previously connected to. The device also searches for other wireless networks to connect to. We will now emulate a wireless network that is within reach of the client, such as one found at Starbucks, Panera Bread, or other gathering places with Wi-Fi available.


Honeypot setup

Here are the tools you will need to complete this task:

  • Notebook
  • Wi-Fi card ALFA
  • Aircrack suite
  • An unsuspecting victim

1. First, you need to find public networks that our victim intends to connect to. Before putting the ALFA card into monitor mode, run “ifconfig” and look for its interface. In this case it is wlan2.

Figure 1: Interface (wlan2)

2. Next, we put the wlan2 interface into monitor mode by running the command “sudo airmon-ng start wlan2”. This will create an interface mon0.

Figure 2: Executing the “sudo airodump-ng mon0.” command

3. Next we try to find some networks that people are trying to join. This can be done using the command “sudo airodump-ng mon0”. This is shown in the screenshot above.

After executing this command, you will see the Wi-Fi networks and the clients trying to connect to them. We can attack clients connected to the network as well as clients not connected to it.

In this scenario, we have an open access point (AP) named SECNET2 (running with a test network for lab work). Now we will create a Honeypot for this AP.

4. A fake AP can be created with the command “sudo airbase-ng --essid “SECNET2” -c 2 mon0”. Now if someone who has connected to this network before comes within range, their device will automatically connect to this Honeypot because the SSID is the same as the SSID of an already trusted wireless access point on the device.

If we want clients that are connected to legitimate networks to gradually connect to our fake AP, we send fake deauthentication messages. Then when the client reauthenticates, it will connect to our AP. A deauthentication message is a type of message sent by an access point to force a client computer off the network. This is used to force the user out of their trusted network before forcing them to connect to the Honeypot.
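Both behaviours described above are visible to a defender who monitors the air: a second radio advertising a trusted SSID, and a burst of deauthentication frames aimed at one client. The following detection sketch is an added example, not part of the original article; the inventory, MAC addresses, the legitimate AP's channel and the burst threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory of the legitimate lab AP (BSSID and channel are assumed values).
BASELINE = {"SECNET2": {"bssids": {"02:00:00:aa:bb:01"}, "channels": {6}, "security": "open"}}
# Constructed beacon observations: (ssid, bssid, channel, security)
BEACONS = [
    ("SECNET2", "02:00:00:aa:bb:01", 6, "open"),
    ("SECNET2", "02:00:00:cc:dd:02", 2, "open"),     # trusted SSID, unknown radio
    ("CafeGuest", "02:00:00:ee:ff:03", 11, "wpa2"),  # not a managed SSID, ignored
]
# Constructed deauthentication frames: (seconds, bssid, client); 40 in 4 s, then one stray.
DEAUTHS = [(i / 10, "02:00:00:aa:bb:01", "02:00:00:11:22:33") for i in range(40)]
DEAUTHS.append((100.0, "02:00:00:aa:bb:01", "02:00:00:44:55:66"))

def find_rogue_aps(beacons, baseline):
    """Flag beacons that reuse a managed SSID but deviate from its inventory."""
    findings = []
    for ssid, bssid, channel, security in beacons:
        known = baseline.get(ssid)
        if known is None:
            continue
        reasons = []
        if bssid not in known["bssids"]:
            reasons.append("unknown BSSID")
        if channel not in known["channels"]:
            reasons.append("unexpected channel")
        if security != known["security"]:
            reasons.append("security mismatch")
        if reasons:
            findings.append((ssid, bssid, reasons))
    return findings

def find_deauth_bursts(frames, window=5.0, threshold=20):
    """Return (bssid, client) pairs with >= threshold deauth frames inside any window."""
    by_pair = defaultdict(list)
    for ts, bssid, client in frames:
        by_pair[(bssid, client)].append(ts)
    bursts = []
    for pair, stamps in by_pair.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                bursts.append(pair)
                break
    return bursts
```

A single stray deauthentication frame is normal roaming behaviour, which is why the second function alerts only on a sustained burst against the same client.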

The steps above describe how a simple Wi-Fi Honeypot can be set up. Once this is done, the potential to commit various cyber crimes is quite high, such as:

  • Hacking into bank accounts
  • Launching ransomware attacks
  • Theft of personal and confidential information/data
  • Launching BEC attacks

A few ways to protect yourself from hotspot honeypots

Below are a few methods that can be used to protect your information and increase your security:

Turn off Wi-Fi

There is no security or privacy risk if your Wi-Fi is not turned on. Instead, we can use a 3G or 4G USB modem. For laptops, we can also use a wired Ethernet connection.

Avoid open Wi-Fi networks

If you care about the security of your personal data, you should avoid open Wi-Fi networks altogether. This is what most cyber security specialists suggest. If you still need to use public Wi-Fi, use WPA-encrypted networks instead of open ones.

Use a VPN

If you still want to use an open network, you should use what’s known as a virtual private network (VPN) to get an extra layer of security. But even if you use a VPN, an attacker can tamper with your Wi-Fi connection by sending a fake deauthentication frame.

Change your Wi-Fi settings

Changing your Wi-Fi settings also helps protect your personal information and data. If your computer or smartphone no longer remembers the network it joined, it will also help protect your privacy. In OS X, go to “network settings” and under “advanced” turn off “Remember networks this computer has connected to”.
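The same clean-up can be audited on a Linux client by checking which remembered networks are both open and set to join automatically, since those are the profiles a same-SSID honeypot relies on. This is an added example, not part of the original article; it assumes saved profiles in NetworkManager keyfile format, and the profile names and contents are constructed.

```python
import configparser

# Constructed saved profiles in NetworkManager keyfile format (assumed Linux client).
PROFILES = {
    "SECNET2.nmconnection":
        "[connection]\nid=SECNET2\ntype=wifi\n\n[wifi]\nssid=SECNET2\n",
    "HomeNet.nmconnection":
        "[connection]\nid=HomeNet\ntype=wifi\n\n[wifi]\nssid=HomeNet\n\n"
        "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "HotelLobby.nmconnection":
        "[connection]\nid=HotelLobby\ntype=wifi\nautoconnect=false\n\n"
        "[wifi]\nssid=HotelLobby\n",
    "Wired.nmconnection":
        "[connection]\nid=Wired\ntype=ethernet\n",
}

def audit_profiles(profiles):
    """Map each remembered SSID to 'protected', 'open, manual' or 'open, auto-join'."""
    report = {}
    for name, text in profiles.items():
        cfg = configparser.ConfigParser(interpolation=None)
        cfg.read_string(text)
        if cfg.get("connection", "type", fallback="") != "wifi":
            continue  # only Wi-Fi profiles matter here
        ssid = cfg.get("wifi", "ssid", fallback=name)
        # autoconnect is treated as true when the key is absent
        auto = cfg.getboolean("connection", "autoconnect", fallback=True)
        if cfg.has_section("wifi-security"):
            report[ssid] = "protected"        # profile carries a [wifi-security] section
        elif auto:
            report[ssid] = "open, auto-join"  # joined by name alone, no credential check
        else:
            report[ssid] = "open, manual"
    return report

def profiles_to_forget(profiles):
    """SSIDs worth removing or switching to manual connection."""
    report = audit_profiles(profiles)
    return sorted(s for s, status in report.items() if status == "open, auto-join")
```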


We should take care of our own safety and protect our personal data by being aware that such cyber crimes really exist. These cases are increasing because of the easy availability of resources and the low cost associated with them.

In this article I explained the commjacking method known as Hotspot Honeypot and also reviewed how to set it up. Various strategies to secure our information are also included in the article. You can use the method that suits you best, but it is strongly recommended not to use public networks to conduct financial transactions or other related activities.
